Mediaboss Marketing

Keeping the internet open, free, and secure requires eternal vigilance and the constant cooperation of freedom defenders all over the web and the world. Over the past eight years, the Open Technology Fund (OTF) has fostered a global community and provided supportboth monetary and in-kindto more than four hundred projects that seek to combat censorship and repressive surveillance, enabling more than two billion people in over 60 countries to more safely access the open Internet and advocate for democracy.

OTF has earned trust over the years through its open source ethos, transparency, and a commitment to independence from its funder, the US Agency for Global Media (USAGM), which receives its funding through Congressional appropriations.

In the past week, USAGM has removed OTFs leadership and independent expert board, prompting a number of organizations and individuals to call into question OTFs ability to continue its work and maintain trust among the various communities it serves. USAGMs new leadership has been lobbied to redirect funding for OTFs open source projects to a new set of closed-source tools, leaving many well-established tools in the lurch.

EFF has maintained a strong relationship with OTF since its inception. Several of our staff members serve or have served on its Advisory Council, and OTFs annual summits have provided crucial links between EFF and the international democracy tech community. OTFs support has been vital to the development of EFFs software projects and policy initiatives. Guidance and funding from OTF have been foundational to Certbot, helping the operators of tens of millions of websites use EFFs tool to generate and install Lets Encrypt certificates. The OTF-sponsored fellowship for Wafa Ben-Hassine produced impactful research and policy analysis about how Arab governments repress online speech.

OTFs funding is focused on tools to help individuals living under repressive governments. For example, OTF-funded circumvention technologies including Lantern and Wireguard are used by tens of millions of people around the world, including millions of daily users in China. OTF also incubated and assisted in the initial development of the Signal Protocol, the encryption back-end used by both Signal and WhatsApp. By sponsoring Lets Encrypts implementation of multi-perspective validation, OTF helped protect the 227 million sites using Lets Encrypt from BGP attacks, a favorite technique of nation-states that hijack websites for censorship and propaganda purposes.

While these tools are designed for users living under repressive governments, they are used by individuals and groups all over the world, and benefit movements as diverse as Hong Kongs Democracy movement, the movement for Black lives, and LGBTQ+ rights defenders.

OTF requires public, verifiable security audits for all of its open-source software grantees. These audits greatly reduce risk for the vulnerable people who use OTF-funded technology. Perhaps more importantly, they are a necessary step in creating trust between US-funded software and foreign activists in repressive regimes. Without that trust, it is difficult to ask people to risk their lives on OTFs work.

It is not just OTF that is under threat, but the entire ecosystem of open source, secure technologiesand the global community that builds those tools. We urge you to join EFF and more than 400 other organizations in signing the open letter, which asks members of Congress to:

EFF is proud to join the voices of hundreds of organizations and individuals across the globe calling on UGASM and OTFs board to recommit to the value of open source technology, robust security audits, and support for global Internet freedom. These core valueswhich have been a mainstay of OTF's philanthropyare vital to uplifting the voices of billions of technology users facing repression all over the world.

Read more from the original source:
OTF's Work Is Vital for a Free and Open Internet - EFF

Five years ago, cybersecurity researchers accomplished a rare feat. A team at the Pentagons far-out research arm, the Defense Advanced Research Projects Agency (DARPA), loaded special software into a helicopters flight control computer. Then they invited expert hackers to break into the software. After repeated attempts, the flight control system stood strong against all attempts to gain unauthorized control.

This outcome was unusual. Experienced hackers who are given direct, privileged access to software almost always find a way in. The reason is simple. Decades after the birth of computer programming, modern software products are riddled with flaws, many of which create security vulnerabilities that attackers can easily exploit to slip through digital defenses. This is why reducing the error rate in software code is essential to turn the tide against relentless computer criminals and foreign adversaries that steal wealth and menace critical infrastructure with relative impunity.

How was DARPAs custom flight control software able to shrug off its assailants? The researchers turned to formal methods, a frequently overlooked group of technologies that programmers can use to create ultra-secure, ultra-reliable software. DARPAs experiment is one of several examples that underscore the potential for formal methods to remake software security. They herald a not-too-distant future when radically safer, more secure software can allow us to embrace other emerging technologies without catastrophic consequences.

Before it is ready for primetime, any piece of software should be able to satisfy at least two criteria:

Because most customers use software as it is intended, software programmers devote most of their attention to satisfying the first criteria: ensuring the software works properly under normal conditions. This is relatively easy to evaluate through user feedback, as customers tend to be vocal when a piece of software obviously misbehaves or omits an advertised feature.

The second dimension is much trickierand the bane of the cybersecurity community. Virtually all software code contains defects that can cause the software to fail in some way. Humans write software, and our species is naturally prone to mistakes. Larger and more complex software applications multiply opportunities for committing and overlooking errors by orders of magnitude. Human minds excel at creating highly capable software (the first criteria), but they are ill-equipped to identify and eliminate software defects.One defect might be harmless, while another might crash the entire program. Others can lead to security failures. These happen when human attackers purposefully exploit defects to cause a specific kind of software failure that achieves their own objectives, such as leaking private data or giving control to them, the attacker.

The software industry has coalesced around two methods for reducing the error rate in software code. The first is simply education and knowledge exchange. Experts collaborate on a global scale to share information about software vulnerabilities and how to fix them. Yet as computing has matured, this body of knowledge has become overwhelming. It is extremely challenging to know when to apply lessons learned and how to verify implementation. Another common method to improve software quality is intensive testing. Yet this can consume massive resources, and most testing only indicates the presence of defectsit cannot prove the absence of them. Given the context of cybersecurity, where attackers actively hunt for any possible flaw that designers overlooked, these two methods have proved insufficient in solving software security.

Formal methods encompass a group of technologies that aim to manage these problems much more effectively by supplementing human resources with computational resources. In the 1970s, when it became clear that computers would become the foundation of military power, the defense community realized it needed greater assurance that its software was of the highest quality and free of security issues. Early programmers knew they could not rely on human judgment alone to ferret out all possible security vulnerabilities. They needed ways to prove that critical pieces of software would not crash by accident or contain unknown security flaws that attackers could exploit. They wanted to maximize confidence that a specific software application would do only what its authorized users intended, and nothing else.

What is the best way to prove an objective truth? Math and logic. The pioneers of formal methods adapted mathematical logic to construct abstract representations of software (I want this program to do X) and then use advanced mathematical theorems to prove that the software code they wrote would only accomplish X.

The term formal methods evolved over time, and today it represents a spectrum of sophistication, from relatively simple instructions for planning a software project to automated programs that function like a super spell-check for code. The method of analysis varies between different formal methods, but it is largely automated and ideally carried out with mathematical precision. Lightweight formal methods are already in widespread use today. Static type theory, for example, has become a standard feature in several programming languages. These methods require no specialized knowledge to use and provide low-cost protection against common software faults.

More sophisticated formal methods can prevent more complex problems. Formal verification is one such example and it enables programmers to prove that their software does not contain certain errors and behaves exactly according to specification. These more advanced methods tend to require specialized knowledge to apply, but with recent advances this bar has been coming down. (For a more detailed description of different types of formal methods, curious readers should read pages 6-9 of this report by the National Institute of Standards and Technology.)

Problems with formal methods and recent innovation

Like the neural networks that revolutionized artificial intelligence, formal methods are a technology undergoing a renaissance after spending decades in the shadows. As software became more complicated, applying the more advanced tools for proving codethe ones that could provide the highest assurance that security vulnerabilities were absentbecame exponentially more difficult. As the National Institute of Standards and Technology explains, formal methods developed a reputation as taking far too long, in machine time, person years and project time, and requiring a PhD in computer science and mathematics to use them. For a long time, formal methods were relegated to mission-critical use cases, such as nuclear weaponry or automotive systems, where designers were willing to devote immense time and resources to creating error free software. But research into formal methods continued, led by a dedicated corps of experts in academia, federal research institutions, and a handful of specialized companies.

More recent developments, including DARPAs helicopter project, suggest formal methods are poised to remake how we design software and transform cybersecurity. In November 2016, the National Institute for Standards and Technology delivered a comprehensive report to the White House recommending alternative ways to achieve a dramatic reduction in software vulnerabilities. Devoting six pages to formal methods, the report noted that formal methods have become mainstream in many behind-the-scenes applications and show significant promise for both building better software and for supporting better testing.

Leading technology companies have quietly rolled out formal methods in their core businesses. Amazon Web Services (AWS), arguably one of the most important infrastructure providers on the planet, has an entire team that uses formal methods to create provable security for its customers. Facebook has shown how formal verification techniques can be integrated into a move fast and break things approach with its INFER system, which continuously verifies the code in every update for its mobile applications. Microsoft has also stood up its own dedicated team on formal verification. As one team member explained last year, Proving theorems about programs has been a dream of computer science for the last 60 years or more, and were finally able to do this at the scale required for an important, widely deployed security-critical piece of software. And it is not just Big Tech. Specialty companies like Galois, Synopsys, and MathWorks are creating a more competitive market for sophisticated formal methods solutions that companies of various sizes can put to work.

Looking forward, the National Science Foundations ongoing DeepSpec Expedition in Computing has demonstrated the applicability of these methods to increasingly complex engineering tasks, including the development of entire operating systems (which tend to be much larger than single applications), database engines, memory managers, and other essential computing and software components. These successes represent a significant step forward for the field, which has long sought to find reliable, low-cost/low-time methods for engineering such components.

These clear signs of progress notwithstanding, the most sophisticated types of formal methodssuch as full-blown formal verificationare still a long way from becoming a go-to tool for the average software developer. The organizations listed above are not representative, of course, and challenges still remain to bring formal methods to the rest of the software industry. We need an ecosystem of tools, more training for working engineers, and more consensus on when to deploy which methods. We also need to begin changing the way software standards committees publish their work; instead of prose, they should begin publishing formal models that allow the application of formal methods. Lastly, we need to begin educating technology decisionmakers about these capabilities and their ramifications.

There are at least two reasons why industry and government should seize on ongoing innovations in the field and accelerate adoption.

First, unlike many cybersecurity measures, proper application of formal methods does not only drive costs up. Since formal methods reduce overall defect count in software, systems built with formal methods can require less maintenance and thus be cheaper to operate than todays ad-hoc alternatives. Additionally, further improvements in automation are expected to provide these benefits without adding significant cost to the initial engineering efforts. Whereas as most security measures drive costs and hurt profit margins, proper use of formal methods can help defeat attackers while improving the bottom line. Even where software is too complicated to use formal verificationthe most robust weapon in the formal methods arsenalmuch more basic formal methods can still lower software lifecycle costs simply by enforcing more rigorous development practices that some software developers know, but dont use.

Second, the steady drumbeat for software liability may soon change the cost calculus for software developers who have traditionally not born all the costs of unreliable, flawed software. The final report issued by Congress Cyberspace Solarium Commission recommended that Congress should pass a law establishing liability for final goods assemblers of software that contains known and unpatched vulnerabilities. Some types of formal methods offer clear opportunities to establish more objective standards of care for determining such liability.

Just one bug in one line of code

Today, we have a global software industry that frequently creates software in an ad-hoc manner, churning out products without truly knowing what is in them, how they might fail, and what will happen if they do. The situation was tolerable when software did not run the world but computing now either controls or informs nearly every aspect of the economy, politics, and social life. And because the individual components that make up a larger software program are interdependent, even a single error in any phase of the manual development processdesign, implementation, testing, evaluation, operation, maintenancecan be catastrophic. One bug in one line of code can create a security vulnerability that spans millions of computer systems, enabling data theft and digital disruption on a massive scale.

Formal methods are not the ultimate answer to cybersecurity. Even their most sophisticated manifestation, formal verification, cannot guarantee perfect security. Neither can the worlds best engineers guarantee that a skyscraper will not collapse. But through rigorous standards, objective testing, and the scientific method, they have achieved an outstanding record. By injecting similar rigor into the software industry, formal methods can, at the very least, give us much higher assurance that digital technology will behave.

Tim Carstens is an adviser at the Cyber Independent Testing Lab.David Forscey is the managing director of the Aspen Cybersecurity Group. He previously worked in the Center for Best Practices at the National Governors Association and Third Way.

Read more here:
Formal methods as a path toward better cybersecurity - Brookings Institution

This Computer Weekly Developer Network series is devoted to examining the leading trends that go towards defining the shape of modern software application development.

As we have initially discussed here, with so many new platform-level changes now playing out across the technology landscape, how should we think about the cloud-native, open-compliant, mobile-first, Agile-enriched, AI-fuelled, bot-filled world of coding and how do these forces now come together to create the new world of modern programming?

This contribution comes from Ezat Dayeh in his role as SE Manager UK&I at Cohesity the company is known for its capabilities aligned to tackle mass data fragmentation through data management, beginning with backup.

Dayeh writes as follows

What 2020 has shown (given the Covid-19 pandemic, political upheavals and everything else) is that business processes need to be adaptable and flexible if they are going to survive the new ways of working and respond to changing consumer habits and the difficult economic challenges.

Software development cycles have always been pressured to deliver right-first-time production software fast, so dev teams scrum and sprint, but what often holds them back is the ability to access data they need because of infrastructure issues. Data is too often fragmented across a host of silos that cant match the speed needed (and also costs too much) to give developers the tools to make sure their software is fit for purpose.

Cohesitys Dayeh: Say goodbye to monophasic development, say hello to the new mix.

What modern software development needs is an infrastructure that provides an agile, simple and risk-free development environment.

Test data, for example, is a critical part of the software development lifecycle. Development and test teams need enough quality test data to build and test applications in a scenario that reflects the business reality. Since it is a foundational element, changing this variable affects larger processes. Faster access to test data can directly speed up time to release. Higher quality and more realistic test data can reduce the number of defects customers encounter in production software.

Theres always a but (so here it is): traditional test data management infrastructure is misaligned with modern software development.

Monophasic development and monolithic applications have been replaced in favour of more iterative development predicated on microservices. The adoption of DevOps methodology and Agile development practices have evolved to support this trend. However, the underlying problem of data availability has largely remained unresolved.

The legacy approach of traditional test data management delays development and testing, giving that provisioning the relevant data itself can take days or even weeks. And it is a legacy issue its a hard, technical problem to be able to provision data to multiple teams, across multiple geographies, at an ever-growing pace.

But doesnt the public cloud overcome legacy issues?

To an extent the public cloud has accelerated the pace of innovation by bringing elasticity and economics while reducing time to market for new applications. However, it is not a panacea.

Public cloud environments carry over operational inefficiencies from their legacy on-premise environments and introduce several new challenges. For most organisations, their data footprint straddles multiple public clouds and on-prem environments. So test/dev requires data mobility between environments. The advent of dev/test in the cloud adds additional roadblocks, including the misalignment of formats among on-premise and public cloud VMs. This schism leads to manageability strains, presents an impediment to application mobility and often is accompanied by dramatic cost challenges.

A way of speeding up test/dev is to repurpose backup data as test data.

This means you can back up one server or databases, instantly make a clone of it without consuming extra storage and use that clone to help develop applications and software. It doesnt require additional infrastructure and the management overhead is part and parcel of the backup.

This gives teams near-instant and self-service access to up-to-date and zero-cost clones, increasing the speed, quality and cost-effectiveness of development. Or to put it more succinctly: for faster software development, IT teams should look for software solutions that provide instant zero-cost clones.

Data management has a special role to play in terms of modern software application development and it can help define a new rhythm for the paroxysms of data schism.

Can you get with the beat?

Cohesity promises to consolidate data management silos with a single, web-scale solution. (Approved Image Source: Cohesity).

Continue reading here:
Modern development - Cohesity: Defining a new rhythm for the paroxysms of data schism - ComputerWeekly.com

DUBLIN, Calif., June 25, 2020 (GLOBE NEWSWIRE) -- Riverbend Fresh, LLC is the latest customer to pick up the food safety mantle and join iTrades iTracefresh program. As the leading global provider of supply chain software for the food and beverage industry, iTrade is pioneering efforts to build the worlds safest and most comprehensive global food supply chain. To underline its commitment to guaranteeing the safety of our food, it has removed all barriers to adoption, offering the iTracefresh traceability suite to any suppliers, or indeed any buyers, entire supplier portfolio for the first year free of charge.

At Riverbend Fresh, we believe that knowing where your produce comes from and how its grown is essential for our consumers to make the best choices for their families. Weve built our business around the idea of transparency, which is why we are excited to use iTrades traceability. Through this free offer, we can grow our business while affirming our commitment to providing safe, fresh, high-quality produce, comments Kym Sanders, Food Safety Manager at Riverbend Fresh, LLC.

In addition to protecting a suppliers brands during recalls and enabling critical downstream supply chain visibility, iTrades traceability solutions help grow its customers businesses. Data from a yearlong pilot with a major industry buyer showed that suppliers adopting iTrade traceability increased their trading volumes by an average of 55 percent in just 12 months. Additionally, a sample of just four new growers added a combined $10 million in revenue over the same period.

The world would be a better place if everyone knew where their food came from, says Rhonda Bassett-Spiers, CEO of iTradeNetwork. Whether youre a small, family farm or a large, enterprise operation, we want to make food safety and traceability accessible to everyone. We are happy to have Riverbend Fresh join us in creating the worlds safest food supply chain and grow their business in the process.

Riverbend Fresh, LLC is a grower, packer, shipper and distributor of quality fresh produce located in the heart of Californias San Joaquin Valley among the most productive agricultural regions on earth. At Riverbend Fresh, LLC, they specialize in shipping the freshest produce commodities to wholesalers, distributors, retailers, and food service receivers nationwide. They come from a long line of family farming industry experience and are dedicated to meeting the demands of our customers with excellent service.

Suppliers interested in adopting iTrades iTracefresh traceability suite and enjoying the first year, free of charge, should visit https://www.itradenetwork.com/itracefresh/item/. The promotional package includes two of iTrades products: its Produce Traceability Initiative (PTI) case labeling solution, and its Palletized Advanced Ship Notice (ASN) solution, Transit.Qualifying suppliers may also receive the free field kit hardware package that includes a printer, two mobile devices, and 10,000 labels to help them get started on iTracefresh.

Contact:Bryn McFadden925-660-1100inquiries@itradenetwork.com

Read more from the original source:
Riverbend Fresh, LLC, Joins The Movement to Build The World's Safest Food Supply Chain Adopting The Free iTrade Traceability Campaign - GlobeNewswire

6/25/2020

HOUSTON - Weatherford International announced its Production Optimization Software Platform increased production by nearly 6,000 barrels per day, boosting revenue by $156 million over three years for a Middle East operator.

The Weatherford production optimization software platform enabled the customer to automate production monitoring, analysis, and optimization asset-wide for 1,700 Electric Submersible Pump (ESP) wells. Once the Weatherford team mapped and identified the data requirements needed to build and sustain an automated ESP well model, they instituted automated data gathering, model tuning, and data-quality validation. These steps enabled the customer to proactively manage failures and opportunities in real time across all wells from a single, integrated platform.

"Weatherford digitalization solutions place a premium on achieving a return on investment in a very short time while building value over the long term," said Manoj Nimbalkar, Vice President, Production Automation and Software, Weatherford. "The new model indicated optimization opportunities in 40% of the customer wells, and within six months, this solution increased incremental production and revenue at a rate of 2,000 barrels per day. In short, this solution paid for itself in a matter of weeks."

Over the three years since implementation, the value of the system has increased. The CAPEX-free solution identified opportunities that improved production by nearly 6,000 barrels per day, representing a $52 million average annual increase in incremental revenue, or $156 million over three years.

A critical customer requirement was that the solution must be able to expand beyond ESP to every form of artificial lift and enable pattern-recognition techniques for predictive failure management. The software platform integrated all data into a single system and eliminated data-quality issues, which led to a 95% increase in data-quality KPI compliance. The newly available integrated data and improved data quality allowed the customer to implement predictive-failure analytics for ESP wells by using machine learning, and also set the foundation for optimization and predicting failures for other forms of lift.

"The operator selected the Weatherford production optimization software platform as the sole system because of its ability to manage all forms of lift," said Nimbalkar. "The platform reduced downtime in some assets by 30% through proactive failure management and pattern-recognition models. This is the key to our technologies: Rather than only striving for more barrels, we make equal gains in asset uptime and personnel efficiency to deliver a value that is unmatched in the market today."

View original post here:
Weatherford digital transformation program adds $156 MM in revenue for Mideast operator - WorldOil